[Gluster-devel] Fixing setfsuid/gid problems in posix xlator

Pranith Kumar Karampuri pkarampu at redhat.com
Fri Sep 23 07:07:38 UTC 2016


On Fri, Sep 23, 2016 at 12:30 PM, Soumya Koduri <skoduri at redhat.com> wrote:

>
>
> On 09/23/2016 08:28 AM, Pranith Kumar Karampuri wrote:
>
>> hi,
>>    Jiffin found an interesting problem in posix xlator where we have
>> never been using setfsuid/gid (http://review.gluster.org/#/c/15545/).
>> The regressions I am seeing after this are that if the files are created
>> by a non-root user then the file creation fails, because that user
>> doesn't have permissions to create the gfid-link. So it seems like the
>> correct way forward for this patch is to write wrappers around
>> sys_<syscall> that do setfsuid/gid, do the actual operation requested,
>> then set it back to the old uid/gid and then do the internal operations. I
>> am planning to write posix_sys_<syscall>() to do the same, maybe a
>> macro?
>>
>
> Why not the other way around? As in, can we switch to superuser when required
> so that we know what all internal operations need root access and avoid
> misusing it?
>

The thread should have the uid/gid of frame->root->uid/gid only at the
time of executing syscalls such as open/mkdir/creat in the posix xlator; the
rest of the time it shouldn't. So I am doing it this way.


>
> Thanks,
> Soumya
>
>>    I need inputs from you guys to let me know if I am on the right path
>> and if you see any issues with this approach.
>>
>> --
>> Pranith


-- 
Pranith
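
The wrapper pattern discussed in this thread, as an added example that is not part of the original messages or of the Gluster code base: the thread takes the caller's fsuid/fsgid only around the user-facing syscall, verifies the switch by reading the ids back (setfsuid/setfsgid do not report errors), and restores the old ids before any internal work. The names `run_as_caller`, `fs_op_fn`, `cur_fsuid`, `cur_fsgid` and `create_file` are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/fsuid.h>
#include <sys/types.h>
#include <unistd.h>

/* All names below are hypothetical; none come from the Gluster sources. */
typedef int (*fs_op_fn)(void *arg);

/* Read the calling thread's fsuid/fsgid: -1 is never a valid id, so the
 * call changes nothing and only returns the current value. */
static uid_t cur_fsuid(void) { return (uid_t)setfsuid((uid_t)-1); }
static gid_t cur_fsgid(void) { return (gid_t)setfsgid((gid_t)-1); }

/* Run op(arg) with the caller's fsuid/fsgid, then restore the old ids so
 * that internal work that follows runs with the daemon's own identity. */
int run_as_caller(uid_t uid, gid_t gid, fs_op_fn op, void *arg)
{
    uid_t old_uid = cur_fsuid();
    gid_t old_gid = cur_fsgid();
    int ret = -1, saved = EPERM;

    /* The calls return the previous id, not a status: verify by read-back. */
    setfsgid(gid);
    setfsuid(uid);
    if (cur_fsgid() == gid && cur_fsuid() == uid) {
        ret = op(arg);
        saved = errno;
    }
    setfsuid(old_uid);
    setfsgid(old_gid);
    /* Fail closed if the thread did not get its old identity back. */
    if (cur_fsuid() != old_uid || cur_fsgid() != old_gid) {
        ret = -1;
        saved = EPERM;
    }
    errno = saved;
    return ret;
}

/* Sample user-facing operation: exclusive create, checked as the caller. */
int create_file(void *arg)
{
    int fd = open((const char *)arg, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd >= 0)
        close(fd);
    return fd >= 0 ? 0 : -1;
}
```

Supplementary groups are not switched here; a caller that relies on group membership beyond the primary gid would need them handled as well.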